evanmarshall
commented
3 months ago This is probably correct but I would categorize it as an informational or style issue. There's not really any sort of impact that falls out from this as a validator is decreasing their stake and increasing it at the same time. It may be beneficial to allow this if a validator notices one of their delegators unbonding and they want to quickly bond more to keep themselves in the committee.
Overall, it's a fair callout but without any sort of impact so I'd categorize it as informational.
morbsel
Medium
Validators that are already in the committee can self bond while they are unbonding
Summary
The
bond_validatorfunction only checks if a validator is unbonding if they are not already in the committee(new validator).Vulnerability Detail
In the
bond_validatorfunction, the check to ensure a validator is not unbonding is only performed in the code block if the validator is not already in the committee. This allows validators in the committee to bond additional credits even if they are in the process of unbonding. Normal delegators/stakers cannot bond to a validator that is unbonding either, creating a logical inconsistency.Impact
Logical inconsistency and potential abuse of the bonding and unbonding mechanism.
Code Snippet
Unbonding check: https://github.com/sherlock-audit/2024-05-aleo/blob/55b2e4a02f27602a54c11f964f6f610fee6f4ab8/snarkVM/synthesizer/program/src/resources/credits.aleo#L265-L268
Conditional block: https://github.com/sherlock-audit/2024-05-aleo/blob/55b2e4a02f27602a54c11f964f6f610fee6f4ab8/snarkVM/synthesizer/program/src/resources/credits.aleo#L245-L269
Tool used
Manual Review
Recommendation
Move the unbonding state check outside of the conditional block to ensure it is always performed, preventing validators from bonding additional credits while unbonding and maintaining consistency with the rules for new committee validators and delegators/stakers.